IDS mailing list archives

RE: IDS, IPS or just rubbish?


From: "David J. Meltzer" <djm () intrusec com>
Date: Tue, 24 Jun 2003 23:28:42 -0400

They kept telling me about SQL Slammer and how this solution will stop it.
What utter crap. Can anyone on this list tell me of a signature-based IDS
which picked Slammer up in the 2-odd hours it needed to propagate?

Not to rehash old threads, but it was well established on focus-ids
months ago (see the "Did IDSes detect the SQL worm?" thread) that at
least ISS RealSecure, NFR, and Dragon all had pre-existing signatures
for the buffer overflow Slammer exploited and picked it up.

-Dave

-------------------
David J. Meltzer
djm () intrusec com   
CTO, Intrusec, Inc.

